package com.beiding.controller.manager;

/*
    管理员controller

    这里仅仅提供配置页面.实际的配置使用rest面向具体的服务


    需要配置的内容有:

    1.平台费率
    2.订单各种超时时间



 */

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

import java.security.Principal;
import java.util.Collection;

@Controller
@RequestMapping("/manager")
public class ManagerController {

    //配置总页
    @GetMapping
    String index(Principal principal, Model model) {

        //在这里对该管理员的权限进行检查,index页面只会呈现管理员具有权限的跳转

        UsernamePasswordAuthenticationToken user = (UsernamePasswordAuthenticationToken) principal;

        Collection<GrantedAuthority> authorities = user.getAuthorities();

        model.addAttribute("authorities", authorities);

        return "manager/index";
    }

    //对订单的配置.必须具备订单管理员权限的人才能进入
    @GetMapping("/order")
    @Secured("ROLE_MANAGER_ORDER")
    String order() {
        return "manager/order";
    }

    @GetMapping("/admin")
    @Secured("ROLE_ADMIN")
    String admin(){
        return "manager/admin";
    }

}
